Skip to content

Latest commit

 

History

History
862 lines (501 loc) · 48.4 KB

CHANGELOG.md

File metadata and controls

862 lines (501 loc) · 48.4 KB

Change Log

v2.1.3 (2023-12-11)

Full Changelog

Changed

  • feat: support for hosted token worker #1208 (DJMcK)

v2.1.2 (2023-08-21)

Full Changelog

Fixed

v2.1.1 (2023-07-18)

Full Changelog

Changed

v2.1.0 (2023-07-13)

Full Changelog

Added

Fixed

v2.0.8 (2023-06-14)

Full Changelog

Changed

v2.0.7 (2023-06-02)

Full Changelog

Changed

v2.0.6 (2023-05-30)

Full Changelog

Fixed

v2.0.5 (2023-05-22)

Full Changelog

Changed

v2.0.4 (2023-02-22)

Full Changelog

Fixed

v2.0.3 (2023-02-04)

Full Changelog

Fixed

v2.0.2 (2023-01-12)

Full Changelog

Security

This patch release is identical to 2.0.1 but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used.

Even though 2.0.1 was not vulnerable for the related CVE because of the fact that jsonwebtoken is a devDependency, we are cutting a release to ensure build tools no longer report our SDK as vulnerable to the mentioned CVE.

v2.0.1 (2022-12-08)

Full Changelog

Changed

Fixed

v2.0.0 (2022-10-27)

Full Changelog

Auth0-SPA-JS v2 includes many significant changes compared to v1:

As with any major version bump, v2 of Auth0-SPA-JS contains a set of breaking changes. Please review the migration guide thoroughly to understand the changes required to migrate your application to v2.

v2.0.0-beta.1 (2022-10-12)

Full Changelog

Fixed

  • Ensure getTokenSilently works when mixing return types #1016 (frederikprijck)
  • Close MessageChannel after receiving and processing message from worker #1023 (ewanharris)

v2.0.0-beta.0 (2022-10-01)

Full Changelog

Auth0-SPA-JS v2 includes many significant changes compared to v1:

As with any major version bump, v2 of Auth0-SPA-JS contains a set of breaking changes. Please review the migration guide thoroughly to understand the changes required to migrate your application to v2.

v1.22.5 (2022-10-12)

Full Changelog

Fixed

v1.22.4 (2022-09-08)

Full Changelog

Fixed

v1.22.3 (2022-08-25)

Full Changelog

Changed

  • feat(ClientStorage#remove):added support of cookieDomain #935 (Dannnir)

Fixed

v1.22.2 (2022-07-19)

Full Changelog

Changed

v1.22.1 (2022-06-14)

Full Changelog

Changed

v1.22.0 (2022-05-24)

Full Changelog

Added

  • Silent auth fallback when using Refresh Tokens can now be disabled #907 (frederikprijck)

Security

v1.21.1 (2022-05-10)

Full Changelog

Fixed

  • Organization ID hint cookie now respects cookieDomain config setting #900 (Dannnir)

Security

  • [Snyk] Upgrade core-js from 3.21.1 to 3.22.0 #901 (snyk-bot)
  • [Snyk] Upgrade promise-polyfill from 8.2.1 to 8.2.3 #893 (snyk-bot)

v1.21.0 (2022-04-01)

Full Changelog

Added

  • FEAT override cookie domain option #885 (Soviut)

Fixed

v1.20.1 (2022-03-04)

Full Changelog

Fixed

v1.20.0 (2022-02-14)

Full Changelog

Added

Changed

  • clarify documentation comment for getTokenSilently #874 (jdugan1024)

Fixed

  • Fix getTokenSilently reference in example code #868 (mdlavin)

Security

v1.19.4 (2022-01-14)

Full Changelog

Fixed

  • Org ID hint cookie expiry now aligns with is.authenticated cookie #861 (stevehobbsdev)

Security

v1.19.3 (2021-12-01)

Full Changelog

Changed

  • Make RedirectLoginOptions and RedirectLoginResult accept generic AppState #846 (frederikprijck)

Fixed

v1.19.2 (2021-10-18)

Full Changelog

This release fixes an anomoly with a new type we exposed in #803, where it was incorrectly wrapped with Partial. We don't expect this change to introduce any issues, but if you are affected please raise it on our issue tracker.

Fixed

  • GetTokenSilentlyVerboseResponse no longer uses partial TokenEndpointResponse type #820 (stevehobbsdev)

v1.19.1 (2021-10-14)

Full Changelog

Republished version 1.19.0, which got published during a period npm was suffering downtime issues, resulting in 1.19.0 being released but not installable for end users. Users should install 1.19.1 instead.

v1.19.0 (2021-10-11)

Full Changelog

Added

v1.18.0 (2021-09-15)

Full Changelog

Added

  • [SDK-2750] Expose mfa_token from the mfa_required error when getting new tokens #789 (frederikprijck)

Changed

  • [SDK-2759] Re-scoping cookies and transactions to client ID #796 (stevehobbsdev)
  • [SDK-2320] Throw login_required error in SPA SDK if running in a cross-origin is… #790 (frederikprijck)

Fixed

v1.17.1 (2021-09-03)

Full Changelog

Fixed

v1.17.0 (2021-08-03)

Full Changelog

Added

  • Add useFormData to enable application/x-www-form-urlencoded requests #768 (stevehobbsdev)

Changed

v1.16.1 (2021-07-07)

Full Changelog

Fixed

v1.16.0 (2021-07-05)

Full Changelog

Added

v1.15.0 (2021-04-29)

Full Changelog

Added

Fixed

  • Fix popup blocker showing for loginWithPopup in Firefox & Safari #732 (stevehobbsdev)

v1.14.0 (2021-03-22)

Full Changelog

Added

Changed

  • Add screen_hint parameter to BaseLoginOptions #721 (damieng)

Fixed

  • Updated minor syntax, to allow for TypeScript compiler to be happier #714 (kachihro)
  • Revert [SDK-2183] Add warning when requested scopes differ from retrieved scopes #712 (frederikprijck)

v1.13.6 (2021-01-07)

Full Changelog

Changed

Fixed

Security

v1.13.5 (2020-12-08)

Full Changelog

Changed

Fixed

  • [SDK-1739] Recover and logout when throwing invalid_grant on Refresh Token #668 (frederikprijck)

Remarks

This release updates the getUser return type to be more correct. Instead of returning Promise<TUser>, it now returns Promise<TUser | undefined>, which might lead to an Object is possible 'undefined' compiler error in situation where the return value is not checked for being undefined while having set the TypeScript's --strictNullChecks compiler flag to true.

v1.13.4 (2020-12-02)

Full Changelog

Added

Changed

v1.13.3 (2020-11-13)

Full Changelog

Fixed

  • [SDK-2156] Heed timeoutInSeconds when calling getTokenSilently with refresh tokens #639 (stevehobbsdev)

v1.13.2 (2020-11-09)

Full Changelog

Added

v1.13.1 (2020-10-29)

Full Changelog

Changed

Fixed

  • Fix leaking windows message event listener #422 (yinzara)

v1.13.0 (2020-10-21)

Full Changelog

Added

Fixed

v1.12.1 (2020-09-17)

Full Changelog

Fixed

  • Remove sessionStorage requirement from instantiation to fix SSR environments #578 (adamjmcgrath)

v1.12.0 (2020-09-04)

Full Changelog

Added

Changed

Fixed

v1.11.0 (2020-07-21)

Full Changelog

Added

Fixed

v1.10.0 (2020-06-17)

Full Changelog

Changed

  • [SDK-1696] Allow caller of cache.get to specify an expiry time adjustment #491 (stevehobbsdev)

Fixed

v1.9.0 (2020-06-02)

Full Changelog

Added

  • [SDK-1695] Add auth0Client option so wrapper libraries can send their own client info #490 (adamjmcgrath)
  • Add checkSession and ignore recoverable errors #482 (adamjmcgrath)

Fixed

v1.8.2 (2020-05-26)

Full Changelog

Fixed

  • [SDK-1640] Allow the client to be constructed in a Node SSR environment #471 (adamjmcgrath)
  • [SDK-1634] Pass custom options to the token endpoint #465 (stevehobbsdev)
  • [SDK-1649] Fix issue where cache was missed when scope parameter was provided #461 (adamjmcgrath)

v1.8.1 (2020-05-06)

Full Changelog

Fixed

v1.8.0 (2020-04-30)

Full Changelog

Added

Fixed

v1.7.0 (2020-04-15)

Full Changelog

Added

Changed

Fixed

Security

v1.7.0-beta.5 (2020-03-26)

Full Changelog

Changed

v1.7.0-beta.4 (2020-03-03)

Full Changelog

Changed

  • [SDK-1386] Fall back to iframe method if no refresh token is available #364 (stevehobbsdev)

Fixed

v1.7.0-beta.3 (2020-02-17)

Full Changelog

Added

  • Export types from global TypeScript file. #310 (maxswa)

Changed

  • [SDK-1352] Removed setTimeout cache removal in favour of removal-on-read #354 (stevehobbsdev)
  • [SDK-1352] Stop checking isAuthenticated cookie on initialization when using local storage #352 (stevehobbsdev)
  • [SDK-1279] getTokenSilently retry logic #336 (stevehobbsdev)

v1.7.0-beta.2 (2020-01-16)

Full Changelog

Changed

v1.7.0-beta.1 (2020-01-08)

Added

  • Ability to use either an in-memory cache (the default) or localstorage to store tokens - stevehobbsdev - #303
  • Added support for rotating refresh tokens - stevehobbsdev - #315

v1.6.5 (2020-03-19)

Full Changelog

Changed

Fixed

  • [SDK-1127] Delay removal of iframe to prevent Chrome hanging status bug #240 #376 (adamjmcgrath)
  • [SDK-1125] createAuth0Client now throws errors that are not login_required #369 (stevehobbsdev)

v1.6.4 (2020-02-10)

Full Changelog

Changed

  • [SDK-1308] Return appState value on error from handleRedirectCallback #348 (stevehobbsdev)
  • Configurable timeout for getTokenSilently() #347 (Serjlee)

v1.6.3 (2020-01-28)

Full Changelog

Fixed

v1.6.2 (2020-01-13)

Full Changelog

Removed

Removed future issued-at claim check stevehobbsdev - #329

v1.6.1 (2020-01-07)

Fixed

Included core-js polyfill for String.includes to fix an issue with browser-tabs-lock in IE11 stevehobbsdev - #325 Added import definition to Getting Started section in the Readme for clarity thundermiracle - #294

v1.6.0 (2019-11-19)

Added Added buildAuthorizeUrl and url parameter to handleRedirectCallback - austin43 - #280

Fixed Released browser lock on getTokenSilently error - #276 Updates browser-tabs-lock to fix issue of long acquired lock - super-tokens - https://github.com/auth0/auth0-spa-js/commit/3413e30bdb5955c818989cdc050079fa6efb6050

v1.5.0 (2019-10-31)

Added Add a new property 'fragment' to be appended to the authorize URL on redirect - #249

v1.4.2 (2019-10-30)

Fixed Update typescript definition for max_age param - #260 Fix for typings files in packaged SDK - #263

v1.4.1 (2019-10-30)

Fixed Updated types path in package.json #261

v1.4.0 (2019-10-30)

Added Add 'lock' to prevent getTokenSilently to be invoked in parallel #238 Improved OIDC compliance #248

Fixed Fix for race condition when using sha256 on IE11 #252 Fixed the codeowners file with the correct group #253 Document leeway default value #256 Clear transaction data on error #254

v1.3.2 (2019-10-17)

Fixed parseQueryString now removes hash fragment on query before parsing #246

v1.3.1 (2019-10-14)

Fixed Fix IE msCrypto.subtle usage #242

v1.3.0 (2019-10-10)

Fixed Add missing char for nonce/state generation #230 Fix query parsing when using hash routing #231 Fix safari10 initialization error #232

Changed Add early expiration of Access Token in cache #233

v1.2.4 (2019-09-24)

Fixed

Fix empty PKCE code challenge #221

v1.2.3 (2019-09-02)

Fixed

Fix incorrect state extraction from query string #197

v1.2.2 (2019-08-28)

Fixed

Fix SSR errors with fetch polyfill usage #184

v1.2.1 (2019-08-27)

Fixed

Replace promise polyfill for a pure one. This fixes using this library with zone.js. #180

v1.2.0 (2019-08-26)

Fixed

  • Expose raw id_token in the getIdTokenClaims method #175
  • Fix bug where oauth/token call ignores options.audience #134

Added

  • Add IE11 polyfills #154
  • Add popup timeout config #133
  • Add ?federated logout param #129

v1.1.1 (2019-07-22)

Fixed

  • Make sure the production bundle is ES5 compatible. #98

v1.1.0 (2019-07-15)

Changed

  • Allow redirect_uri override in loginWithRedirect - #66
  • Make options argument for popup and redirect optional - #61
  • Mark redirect_uri optional in RedirectLoginOptions - #53

v1.0.2 (2019-07-02)

Changed

  • Add polyfill for TextEncoder - #46

v1.0.1 (2019-06-24)

Changed

  • Reduce transaction cookie size - #32

v1.0.0 (2019-06-19)

Initial Release